Description
According to the documentation, the provider can be configured via 3 different methods, sorted by priority:
- Environment variables
- Static credentials
- Shared configuration file
This priority order and usage of environment variables have two significant side effects.
Inability to use provider aliases
For example, if you want to deploy resources in multiple projects in the same Terraform workspace, you won't be able to make provider aliases work.
As the environment variables have the highest priority, all the resources configured to be deployed in different projects will be silently deployed in the project defined by the environment variable SCW_DEFAULT_PROJECT_ID.
Change of context
The second and most serious impact of this priority order is the risk of a change of context. It's easier to control the code than the running environment. If we configured all our providers to use defined credentials and, by mistake or maliciously, someone runs a terraform apply with configured SCW_* environment variables, it would have a major impact on the deployed infrastructure.
A solution
This could be resolved quite easily by changing the priority order to:
- Static credentials
- Environment variables
- Shared configuration file
And can be achieved as easily by changing the arguments' positions here: https://github.com/scaleway/terraform-provider-scaleway/blob/master/scaleway/provider.go#L290
Would this change make sense to you?
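The effect of the two priority orders on aliased providers, as an added example that is not part of the original issue and not the provider's own code. `Profile`, `merge`, `envProfile` and `overridden` are hypothetical names, and the project IDs and regions are constructed values; `overridden` is a pre-apply check that reports which static fields an env-first order would silently replace.

```go
package main

import (
	"fmt"
	"os"
)

// Profile is a hypothetical, reduced provider configuration (not the provider's type).
type Profile struct{ ProjectID, Region string }

// pick returns the first non-empty value: earlier sources have priority.
func pick(vals ...string) string {
	for _, v := range vals {
		if v != "" {
			return v
		}
	}
	return ""
}

// merge combines sources in priority order, highest first.
func merge(sources ...Profile) Profile {
	var out Profile
	for _, s := range sources {
		out.ProjectID = pick(out.ProjectID, s.ProjectID)
		out.Region = pick(out.Region, s.Region)
	}
	return out
}

// envProfile reads the SCW_* variables from the running environment.
func envProfile() Profile {
	return Profile{os.Getenv("SCW_DEFAULT_PROJECT_ID"), os.Getenv("SCW_DEFAULT_REGION")}
}

// overridden names the static fields that an env-first order silently replaces.
func overridden(env, static Profile) []string {
	var fields []string
	if env.ProjectID != "" && static.ProjectID != "" && env.ProjectID != static.ProjectID {
		fields = append(fields, "project_id")
	}
	if env.Region != "" && static.Region != "" && env.Region != static.Region {
		fields = append(fields, "region")
	}
	return fields
}

func main() {
	os.Setenv("SCW_DEFAULT_PROJECT_ID", "proj-env") // constructed value
	env := envProfile()
	// Two aliased provider blocks with constructed static project IDs.
	for _, static := range []Profile{{"proj-a", "fr-par"}, {"proj-b", "nl-ams"}} {
		fmt.Printf("env first: %s | static first: %s | overridden: %v\n",
			merge(env, static).ProjectID, merge(static, env).ProjectID, overridden(env, static))
	}
}
```

With the environment listed first, both aliases resolve to the same project; with static values first, each alias keeps its own project and the environment only fills fields left empty.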